Reduce your Attack Surface

Adding software or devices to your environment increases your attack surface as they must be maintained and monitored.

"Now you have two problems, the inital one and now this new thing that must be maintained, will you get another third product to maintain these two, next?"

Disable all features that aren't absolutely necessary and then add only as needed.

Start with a clean baseline

Spend your time upfront building and documenting a baseline image containing all the necessary configurations up front for your workstations and servers and use it going forward. It will save you time when building new systems and it will provide you a configuration repository that you can easily reference later.

Your baseline should include all of the necesary components to get your {workstation, server} live.

Operating System Installed and Updated

Client and Server Applications Installed

Unnecssary services disabled

Verified Configurations (NIST, CIS)

Automation Applied (Ansible, Puppet, Chef)

Backups Configured

Data Stores Tested

Functionality Tested

By putting forth the effort up front, you significantly reduce your attack surface and separate your production environment from the slap-dash throw it together quick of days gone by.